The data processing system herein seamlessly processes both encrypted and non-encrypted data and instructions. The system includes an internal cache memory in a secure physical region that is not accessible to a user of the system. An external memory is positioned outside of the secure physical region and stores encrypted and non-encrypted data and instructions. The system includes an instruction to access a private key contained within the secure physical region. That key is used to decrypt an encrypted master key that accompanies encrypted data and instructions. An interface circuit is positioned in the secure physical region and decrypts each encrypted master key through the use of the private key and also decrypts encrypted data and instructions associated with each decrypted master key. A plurality of segment registers in the secure physical region maintain a record of active memory segments in the external memory and associate therewith each decrypted master key. A central processor accesses segments of both non-encrypted and encrypted data and instructions from the external memory and causes the interface circuit to employ a decrypted master key to de-encrypt data and instructions from the external memory and to store the de-encrypted information in the internal memory cache. Non-encrypted data and instructions are directly stored in the internal memory cache.

This invention relates to a system for seamlessly processing encrypted and non-encrypted data and instructions and, more particularly, to a data processing system that incorporates cryptographic architectural features that inhibit unauthorized usage of encrypted media.

Substantial efforts have been devoted to the prevention of copying of proprietary software. Such efforts have generally failed and it is now accepted that the most effective method for protecting proprietary software is through the vehicle of use protection and not copy protection. Use protection generally involves the encryption of the software and its de-encryption at the point of use. A classic method used to send digital information securely between a provider and a consumer is via a single key crypto system such as is prescribed in the "Data Encryption Standard" by the National Bureau of Standards. In this process, a single key is used for encryption and de-encryption, is kept secret and, for added security, is changed frequently. One process for key changing is termed "key chaining" and involves the placing of new keys at agreed upon places within an encrypted data stream. Absolute security of this method relies on the secrecy of, at least, one seed key. Since the data communications channel usually is not physically secure, the seed key is often delivered to the consumer via a physically secure channel, such as a trusted courier. This is not a practical method for high volume environments with many consumers and many types of data streams.

A dual key crypto system using both a public and private key can eliminate the key distribution problem, but requires that the data stream be encrypted with a consumer's unique public key. In such instance, the term "public key" means that its identity is disclosed to the media provider. The term "private key" means that its identity is concealed from the media provider, but may be discovered if the consumer does not exert sufficient efforts to maintain its security. The public and private keys may be a pair of keys as in a true dual key crypto system. Alternatively, assuming a level of trust exists between the provider and consumer, the private key may be the secret key of a single key crypto system and the public key used to identify which secret key is used, without disclosing the actual key. Thus, in order to restrict access to some subset of all consumers and still employ a dual key crypto system, the media provider must send a differently encoded data stream to each consumer, which data stream is then de-encrypted by the consumer's private key. This procedure is also not practical for high volume environments.

A combination of dual key and single key crypto systems can reduce the above-noted problems. There, media is encrypted by a single master key within a provider's physically secure environment. The master key (hereinafter referred to as Media Master Key or MMK) is then further encrypted using a public key provided by the consumer or a secret key possessed both by the provider and the consumer. The encrypted MMK is then distributed along with the media or via a separate key request transaction. The consumer then uses its private key to de-encrypt the MMK. The de-encrypted MMK then enables de-encryption of the media in the consumer's secure physical environment.

The above described data security techniques and variations thereof can be found in the following prior art. In U.S. Patent 4,465,901 to Best, a crypto-microprocessor executes an enciphered program by piecemeal deciphering of enciphered instructions, as it needs them. By deciphering small portions of the program only when they are needed, Best avoids the need for storing the entire program in its deciphered form. Various methods of encryption are described, with Best indicating that the microprocessor chip may use a unique cipher key or table for deciphering program instructions so that the program can be executed on one chip and cannot be run on any other microprocessor.

In U.S. Patent 4,558,176 to Arnold et al., media protection is implemented by uniquely enciphering the media for each customer. Furthermore, the Arnold et al. central processing unit is required to switch modes when changing from encrypted software to non-encrypted software. Thus, express instructions must be provided to enable the mode switch and the application programmer must be aware of the mode switch requirements.

U.S. Patent 4,634,807 to Chorley et al. describes an add-on to a host computer which employs a data encryption algorithm and a key that is encrypted using a public key of a public/private key system. The encrypted software module is entered into a software protection device where the private key decodes the data encryption key. Once the de-encryption is complete, the host computer is enabled to use the decoded software but it does so through an input/output channel which is accessible to the user and is a point at which a de-encryption attack can be levelled.

U.S. Patent 4,807,288 to Ugon et al. describes a one chip microprocessor for implementing a public/private key encryption function. The chip microprocessor does not execute the data but merely acts as a decoder. The system is thus subject to attack at the input/output port to the microprocessor.

U.S. Patent 4,850,017 to Matyas, Jr. et al. describes a dual key encryption system wherein control values are authenticated and control access to cryptographic keys.

U.S. Patent 4,847,902 to Hampson describes a computer which selectively decrypts instructions from main memory, using one of a plurality of keys. Instructions are decrypted only during execution when these instructions are transferred from main memory to a cache memory associated with the computer. In the Hampson system, only one key is activated at any one time, and a switch of keys requires a call to a subroutine. Thus, while key switching is enabled, it is accomplished in a manner which must be known to the application programmer and accounted for in the program. Further, there is no indication in Hampson that he addresses both encrypted data and instructions.

U.S. Patent 4,888,798 to Earnest describes computer software that includes both authorized and unauthorized elements. The user may unlock any one or more of the authorized elements by entering corresponding encryption keys, usually a key for each authorized element. In addition, multiple keys are indicated as being utilized to enable access to a de-encrypting key.

In summary, the prior art indicates use of encrypted data, encrypted instructions, the use of encrypted keys to de-encrypt software, the use of clear keys for de-encryption purposes and the use of secure processing environments wherein de-encrypted data is protected. In much of the above prior art, however, user access is allowed to either clear data or clear instructions as they are passed back and forth between a processor and a de-encrypting processor. Furthermore, in the known prior art, the operating processor is required to operate in different modes when dealing with encrypted and non-encrypted software media. As a result, the application software designer must continually be aware of such modes and invoke them at the proper times.

Accordingly, in one aspect of the present invention there is provided a system for handling encrypted media wherein the system's central processing unit is able to handle both encrypted and non-encrypted data and instructions in a seamless fashion.

In a further aspect of the present invention there is provided a system for encryption and de-encryption of software media that is integrated into a memory management architecture of a central processing unit.

In a further aspect of the present invention a central processing unit is enabled to simultaneously access encrypted and non-encrypted instructions and data without the need for explicit mode switch instructions.

The data processing system herein seamlessly processes both encrypted and non-encrypted data and instructions. The system includes an internal cache memory in a secure physical region that is not accessible to a user of the system. An external memory is positioned outside of the secure physical region and stores encrypted and non-encrypted data and instructions. The system includes an instruction to access a private key contained within the secure physical region. That key is used to decrypt an encrypted master key that accompanies encrypted data and instructions. An interface circuit is positioned in the secure physical region and decrypts each encrypted master key through the use of the private key and also decrypts encrypted data and instructions associated with each decrypted master key. A plurality of segment registers in the secure physical region maintain a record of active memory segments in the external memory and associate therewith each decrypted master key. A central processor accesses segments of both non-encrypted and encrypted data and instructions from the external memory and causes the interface circuit to employ a decrypted master key to de-encrypt data and instructions from the external memory and to store the de-encrypted information in the internal memory cache. Non-encrypted data and instructions are directly stored in the internal memory cache.

An embodiment of the invention will now be described by way of example with reference to the accompanying drawings in which Fig. 1 illustrates interactions between a media provider and a remote processor whereby encrypted media is transferred to the remote processor along with an encrypted media master key.

Fig. 2 is a block diagram of a portion of the remote processor of Fig. 1, illustrating portions thereof that are involved in the encryption/de-encryption of both the media master key and received information.

In Fig. 1, media provider 10 is a facility responsible for the secure storage of associated pairs of public keys 12 and private keys 14. A public key 12 may be a remote processor's serial number or other number assigned to it by either a manufacturer or media provider 10. A private key 14 may be a number or other alphanumeric sequence assigned to the remote processor by media provider 10 or the vendor of the remote processor or from another source. Public and private keys 12 and 14 may be a pair of keys as in a true dual key crypto system. Alternatively, private key 14 may be the secret key of a single key crypto system and public key 12 used as a means to identify which secret key is used, without disclosing the actual key. Media provider 10 contains a complete record of all public keys 12 and their associated private keys 14. Media provider 10 also contains MMK's 16 which are used to encrypt media 17 and associated media identifiers that identify the encrypted media.

A remote processor 18 is connected to media provider 10 via a duplex communication channel 20. Remote processor 18 has an input for encrypted media 22 and contains copies in storage of both its public and private keys, such storage being physically inaccessible to the user. The public key is accessible to the user via a program instruction. Remote processor 18 may obtain encrypted media directly from media provider 10 over channel 20, or from a local source. In either case, the media is commonly encrypted using a media master key. Different media may be encrypted with different media master keys.

Once a user obtains encrypted media 22, either directly or via channel 20, the user causes remote processor 18 to transmit a media key request to media provider 10. The media key request includes a copy of the user's public key and the media identifier of the requested media. When that information is received by media provider 10, the received public key 12 enables a locally stored (and associated) private key 14 to be accessed. At the same time, the media identifier is used to access a particular media master key that was used to encrypt the requested media. Then, the accessed private key 14 is used to encrypt the media master key and the encrypted media master key is then transmitted back to remote processor 18 as part of a media key response from media provider 10.

Upon receipt of the encrypted media master key, it is entered into a secure physical region of remote processor 18 and is de-encrypted using a copy of private key 14 that is stored therein. A clear copy of the media master key is then stored within the secure physical region and is employed to de-encrypt the media as it is processed within a secure physical region within remote processor 18.

In the described manner, security is maintained by never disclosing de-encrypted copies of either private key 14 or the media master key in any facility accessible to the public. Further, encrypted media is de-encrypted, utilized, and then, if necessary, re-encrypted, all within a secure physical region within remote processor 18. In this way, use of encrypted media 22 is controlled, and there is no requirement for personalized encryption of the media, as it is only the media master key that is specially encrypted. Thus, encrypted media 22 can be generally distributed so long as the encrypted status of the media master key is securely maintained. The encrypted media is unusable to those that have not been provided with an appropriately encoded media master key.

Turning now to Fig. 2, the secure physical region within processor 18 comprises CPU semiconductor chip 30 and its included circuitry, all of which is inaccessible to the user. As will be hereinafter understood, only within CPU chip 30 is there found de-encrypted media in its clear form, a clear copy of a private key 14 and de-encrypted copies of various media master keys.

CPU chip 30 contains two programmable read-only memory (ROM) registers, one register 32 containing a de-encrypted form of a public key 12 and one register 34 for containing a de-encrypted form of the processor's private key 14. Both registers are programmed by the manufacturer or by the first seller and once programmed may not be altered. As above indicated, the value in public key register 32 may be a serial number of processor 18 that is assigned by the manufacturer. The number in private key register 34 is an identifier assigned by the manufacturer and is uniquely paired with public key register 32 within processor 18.

Registers 32 and 34 provide their outputs to a bus interface module 36 that provides all interface functions between CPU chip 30 and the external components of processor 18. Those external components include a random access memory (RAM) 38, one or more I/O ports 40 and one or more media systems 22. Media system 22 may be a floppy disk system, a cartridge read/only or read/write system, etc. Each of the aforementioned components of processor 18 is connected to bus interface module 36 via a bus 44.

Within CPU chip 30 a bus 46 provides internal communications between CPU 48, an instruction cache 50 and a data cache 52. Contained within bus interface 36 is an encryption/de-encryption module 54 that functions to de-encrypt incoming encrypted instructions and data on bus 44 for use within CPU chip 30 and to encrypt outgoing data on bus 44 for storage in RAM 38, passage to I/O port 40 or into media 22. No "secure" data ever appears in a de-encrypted state on bus 44 or in any of modules 38, 40 or 22.

A plurality of memory segment registers 56 are connected to bus interface 36 and, in addition to providing known segment identification functions, perform a special function of indicating whether information in a memory segment includes encrypted information and, if so, the de-encrypted media master key that will de-encrypt the encrypted information. As is known to those skilled in the art, segment registers hold values that control which portions of memory a program uses and are classified as code segments, data segments or stack segments.

CPU chip 30 has a segmented memory and to a program, the memory's address space is divided into chunks or segments and the program can only access data contained in those segments. Within each segment, addressing is linear and the program can access byte 0, byte 1, byte 2, etc. with the addressing being relative to the start of the segment. Active data/instruction segments are tracked by the program's use of various ones of segment registers 56.

Each segment register 56 contains a first field 58 that includes the segment's start address and a length designator or ending address of the data/instructions encompassed by the segment. Associated with field 58 is an additional section 60 that includes an indication of whether the memory segment is encrypted or non-encrypted. Field 60 may be comprised of a single bit (or flag) to provide such an indication. Each segment register also has a third field 62 for storage of a decrypted media master key that will enable decryption of information stored in the associated memory segment.

As a variety of program segments from different sources may be invoked during the operation of CPU chip 30, a plurality of segment registers 56 are provided, each separately programmed to indicate its encryption state and the media master key that is to be used in decryption or encryption of information in the memory segment.

As above indicated, an objective of this invention is to accomplish encryption and de-encryption in a manner which is integrated into the memory management architecture of processor 18. By organizing the procedures within processor 18 in such a manner, protected (encrypted) instructions and data can be accessed along with non-protected instructions and data, with there being no need for an explicit mode switch within the processor. In other words, procedures in processor 18 operate in a mode that is transparent to whether the data/instructions are encrypted or non-encrypted. This manner of operation is accomplished by the inclusion of two special instructions used by the operating system of processor 18. Those instructions are illustrated, schematically, in RAM 38 as Set Segment Key instruction 64 and Get Public Key instruction 66.

Set segment key instruction 64 uses private key value 14 in private key register 34 (within CPU chip 30) to decrypt a received encrypted media master key. The resulting clear media master key is stored in segment register 56 at a position 62 adjacent the particular program segment encrypted with the specific media master key. The set segment key instruction 64 is also used to turn on or to turn off the associated encryption bit 60. It is to be understood that, while set segment key instruction 64 resides in RAM 38, all functions performed in accordance with its commands occur within CPU chip 30 and are hidden from the user.

Get public key instruction 66 returns a public key value 12 from public key register 32. As aforementioned, the public key value in public key register 32 is a number that is unique to CPU chip 30 and, in media provider 10 (Fig. 1), is associated with the private key value 14 in private key register 34. Within media provider 10, the public key value 12 received from processor 18 is used to access the stored and associated private key value 14 of processor 18. That private key value is then used to encrypt the media master key which was used to encrypt media 22.

When media provider 10 returns the encrypted media master key to processor 18 via media 42 or I/O port 40, it is temporarily stored in RAM 38. Then, set segment key instruction 64 is executed and causes the encrypted media master key to be read to bus interface 36. Bus interface 36, under control of encryption/de-encryption module 64 uses the private key value 14 (stored in private key register 34) and employs the private key 14 to de-encrypt the media master key. The de-encrypted media master key is then placed in segment register 56 in field 62 adjacent the address of the media that was encrypted with the media master key. At the same time, a bit in associated register position 60 is set to indicate the fact that the segment is encrypted.

Now, assuming that CPU 48 calls for data or instructions not present in either instruction cache 50 or data cache 52, such instruction causes the appropriate information to be read from RAM 38 to bus interface 36, irrespective of whether the information is encrypted or non-encrypted. If the information is encrypted, bus interface 36 knows that fact by virtue of the state of the flag in memory segment field 60. Assuming that the data segment is encrypted, bus interface 36 calls for the de-encrypted media master key in field 62 of segment register 56 associated with the recalled address. That media master key is then employed by encryption/de-encryption module 54 to de-encrypt the incoming information, with the de-encrypted information then being placed in either data cache 52 or instruction cache 50, as the case may be.

By contrast, if bus interface 36 receives non-encrypted data from RAM 38, the lack of a set flag in field 60 in the associated segment register 56 indicates that the arriving information is non-encrypted. In such case, bus interface 36 passes the requested data to the respective cache memory without alteration.

As can thus be seen, CPU chip 30 operates on data in a seamless fashion, irrespective of whether the data is encrypted or non-encrypted or which of many memory segments contain the data. There is no requirement for mode switching to handle encrypted data, nor are de-encrypted data/instructions ever available to the user. If the system requires more than one CPU chip, a bus interface must be provided for each CPU chip so that only encrypted data travels between chips.

To enable further data security, an encryption control module 68 is contained within data cache 52 and prevents an encrypted data segment from being referenced by other than an encrypted instruction segment. Thus, when an executing instruction references data from data cache 52, encryption control 68 checks to determine whether the instruction resides in a memory segment containing a set flag in field 60 of a segment register 56. If the flag in field 60 is set, the instruction is enabled to call any data or instruction, irrespective of whether that data/instruction is from an encrypted or non-encrypted memory segment. If the instruction is indicated as being from a non-encrypted code segment, encryption control 68 inhibits it from referencing any encrypted data segment. This feature prevents reverse engineering of code by disassembly. It also prevents an intruder from creating a program to copy an encrypted data segment into an unencrypted data segment. This is because all encrypted program instructions must come from the media provider as the media provider is the only one who can create an encrypted MMK for the program.
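
A small model of the flow described above (the Fig. 1 key request, Set Segment Key, the flag-driven cache fill, and encryption control 68), added here as an illustration and not taken from the patent. It assumes the single-key variant in which private key 14 is a secret shared with the provider, uses a SHA-256 keystream XOR as a stand-in cipher, and all class names, addresses and key values are constructed.

```python
import hashlib
from dataclasses import dataclass

def stand_in_cipher(key: bytes, data: bytes, offset: int = 0) -> bytes:
    """Stand-in symmetric cipher (SHA-256 keystream XOR), not the patent's.
    Byte-addressable: the same call encrypts and decrypts at any offset."""
    out = bytearray()
    for i, b in enumerate(data):
        pos = offset + i
        block = hashlib.sha256(key + (pos // 32).to_bytes(8, "big")).digest()
        out.append(b ^ block[pos % 32])
    return bytes(out)

@dataclass
class SegmentRegister:
    start: int                # field 58: start address
    length: int               # field 58: length designator
    encrypted: bool = False   # field 60: encryption flag
    mmk: bytes = b""          # field 62: clear media master key

class MediaProvider:
    """Media provider 10: public key -> private key, media id -> MMK."""
    def __init__(self, private_by_public, mmk_by_media):
        self.private_by_public = private_by_public
        self.mmk_by_media = mmk_by_media

    def key_response(self, public_key, media_id):
        # Encrypt the MMK under the private key paired with the requester.
        private = self.private_by_public[public_key]
        return stand_in_cipher(private, self.mmk_by_media[media_id])

class EncryptionControlError(Exception):
    """Non-encrypted code tried to reference an encrypted segment."""

class CpuChip:
    """Secure region (CPU chip 30); only `ram` lies outside it."""
    def __init__(self, public_key, private_key, ram):
        self.public_key = public_key      # register 32
        self.private_key = private_key    # register 34; no method returns it
        self.ram = ram                    # external RAM 38
        self.segments = []                # segment registers 56

    def get_public_key(self):             # Get Public Key instruction 66
        return self.public_key

    def add_segment(self, start, length):
        self.segments.append(SegmentRegister(start, length))
        return len(self.segments) - 1

    def set_segment_key(self, index, encrypted_mmk):  # instruction 64
        seg = self.segments[index]
        seg.mmk = stand_in_cipher(self.private_key, encrypted_mmk)
        seg.encrypted = True

    def segment_for(self, addr, n=1):
        for seg in self.segments:
            if seg.start <= addr and addr + n <= seg.start + seg.length:
                return seg
        raise IndexError(f"no active segment covers {addr}..{addr + n}")

    def fetch(self, addr, n):
        """Bus interface 36: cache fill, decrypting only if the flag is set."""
        seg = self.segment_for(addr, n)
        raw = bytes(self.ram[addr:addr + n])
        if seg.encrypted:
            return stand_in_cipher(seg.mmk, raw, addr - seg.start)
        return raw

    def load_data(self, instr_addr, data_addr, n):
        """Encryption control 68: check the referencing instruction's segment."""
        if (self.segment_for(data_addr, n).encrypted
                and not self.segment_for(instr_addr).encrypted):
            raise EncryptionControlError("plain code referenced encrypted data")
        return self.fetch(data_addr, n)

def build_demo():
    """Constructed sample: plain code at 0, encrypted code at 64, data at 128."""
    mmk, secret = b"constructed-mmk-A", b"licensed table: 3,1,4,1,5"
    provider = MediaProvider({b"SERIAL-0001": b"constructed-private-1"},
                             {"media-A": mmk})
    ram = bytearray(192)
    ram[0:10] = b"plain code"
    ram[64:78] = stand_in_cipher(mmk, b"protected code")
    ram[128:128 + len(secret)] = stand_in_cipher(mmk, secret)
    chip = CpuChip(b"SERIAL-0001", b"constructed-private-1", ram)
    for start in (0, 64, 128):
        chip.add_segment(start, 64)
    response = provider.key_response(chip.get_public_key(), "media-A")
    chip.set_segment_key(1, response)
    chip.set_segment_key(2, response)
    return provider, chip, secret

if __name__ == "__main__":
    _, chip, secret = build_demo()
    print(chip.fetch(0, 10), chip.load_data(64, 128, len(secret)))
    try:
        chip.load_data(0, 128, len(secret))   # plain code reads encrypted data
    except EncryptionControlError as exc:
        print("blocked:", exc)
```

The same `fetch` path serves all three segments; only the flag and key held in the segment register differ, which is the "no mode switch" property the description claims.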

Lastly, if segment register 56 is employed in a virtual memory processor system, the Set Segment Key instruction is indirectly performed by extending the existing virtual segment descriptors by adding fields for an encrypted media master key and a flag. Those fields indicate the encryption/non-encryption state of the associated virtual memory segment.

It should be understood that the foregoing description is only illustrative of the invention. Various alternatives and modifications can be devised by those skilled in the art without departing from the invention. Accordingly, the present invention is intended to embrace all such alternatives, modifications and variances which fall within the scope of the appended claims.



Claims 

1. A data processing system for processing both encrypted and non-encrypted data and instructions, said system including a secure physical region inaccessible to a user of said system, said system comprising:

internal memory means in said secure physical region for storing de-encrypted and non-encrypted digital information;

external memory means outside of said secure physical region, for storing an instruction to access a private key within said secure physical region for use in de-encrypting an encrypted master key;

interface means in said secure physical region for de-encrypting said encrypted master key through the use of an accessed private key and for de-encrypting information encrypted with a said master key;

segment register means in said secure physical region for maintaining a record of active memory segments and for associating de-encrypted master keys therewith; and

a central processor within said secure physical region for accessing segments of both non-encrypted and encrypted information stored in addresses in said external memory means and for causing said interface means to employ a said de-encrypted master key, that is associated in said segment register means with an address that has been accessed, to de-encrypt information from said address and to store de-encrypted information in said internal memory means and, in the case of non-encrypted information from said external memory means, to directly store said information in said internal memory means.

2. The data processing system as claimed in claim 1 wherein said information may be either data or instructions or both.

3. The data processing system as claimed in claim 2 wherein said segment register means includes a flag which indicates whether information within a said data segment is encrypted or not, said interface means being responsive to a said flag in its processing of information from said external means.

4. The data processing system as claimed in claim 3 wherein said interface means is responsive to a said flag to enable encryption of information that is being transferred from said internal memory means to said external memory means, if said flag indicates said segment includes encrypted information.

5. The data processing system as claimed in any preceding claim wherein said segment register means comprises a plurality of registers, each said register including a segment address and length or end address field, a flag field, and a field for holding a de-encrypted media master key, each said register employed by said CPU in its accessing of data addresses within a said segment.

6. The data processing system as claimed in any preceding claim further comprising:

read only memories within said secure physical region for storing both a public key and a private key.

7. The data processing system as claimed in claim 6, wherein said external memory means includes an instruction to return said public key from said public key read only memory for storage in said external memory means, whereby said public key may be transmitted to a secure locale where it is stored in association with said private key, said private key thereby being accessible for use in encrypting a media master key.

8. The data processing system as claimed in any preceding claim wherein all instructions and data transferred between said central processor and said interface means occur within said secure physical region and are thereby inaccessible to a user.

9. The data processing system as claimed in any preceding claim further comprising:

encryption control means for preventing a non-encrypted instruction from accessing any memory segment that contains encrypted information.

10. The data processing system as claimed in claim 9 wherein said segment register means includes a flag associated with each active memory segment, said flag indicating an encrypted status, said encryption control means responsive to a state of said flag in performing its function.

11. The data processing system as claimed in any preceding claim wherein said segment register means stores a plurality of de-encrypted media master keys, for de-encrypting data and instructions contained in media encrypted through the use of said media master keys, said de-encrypted data and instructions employed by said central processor.

12. In a data processing system that processes both encrypted and non-encrypted data and instructions, said system including a secure physical region inaccessible to a user of said system, a method comprising:

storing in said secure physical region de-encrypted and non-encrypted digital information;

storing in external memory means outside of said secure physical region, an instruction to access a private key within said secure physical region for use in de-encrypting an encrypted master key;

de-encrypting in an interface means in said secure physical region, said encrypted master key through the use of an accessed private key and de-encrypting information encrypted with a said master key;

maintaining in a segment register means in said secure physical region, a record of active memory segments and associated de-encrypted master keys;

accessing within said secure physical region segments of both non-encrypted and encrypted information stored in addresses in said external memory means;

causing said interface means to employ a said de-encrypted master key that is associated in said segment register means with an address that has been accessed, to de-encrypt information from a said address; and

storing said de-encrypted information in said internal memory means and, in the case of non-encrypted information from said external memory means, storing said information in said internal memory means.